a3528d1769254239abf14c2a3271ba710a91d23cadfbce619fba6d99495ede91

Sharing

Copy URL

Twitter E-mail

General

Target

2a41b8df5b88e7e57ad356486e45ae11_JaffaCakes118
Size

2.9MB
Sample

241009-eckk9awgpb
MD5

2a41b8df5b88e7e57ad356486e45ae11
SHA1

79c84e0684aefc93c039b7405dbcb3650bc1c0ce
SHA256

a3528d1769254239abf14c2a3271ba710a91d23cadfbce619fba6d99495ede91
SHA512

2b96ea703dea11564816d3067872c7c5ac7c8d692d0b2931e446ab3d2716a48ea90dce65865abc76252bb4ba827b68061ef270b5f4443e7313a74b20d824989f
SSDEEP

49152:lnqLvvJ9Fod/OpY1Jf+YvoVkXrYErnuKlAhUpd01RMEEWIjf5EfdNQmvLc1UGn:ZqjTyop1CrYsuKlAhUpCMEEFjf5YLzjC

Score

7^/10

Malware Config

Targets

- Target
  
  2a41b8df5b88e7e57ad356486e45ae11_JaffaCakes118
- Size
  
  2.9MB
- MD5
  
  2a41b8df5b88e7e57ad356486e45ae11
- SHA1
  
  79c84e0684aefc93c039b7405dbcb3650bc1c0ce
- SHA256
  
  a3528d1769254239abf14c2a3271ba710a91d23cadfbce619fba6d99495ede91
- SHA512
  
  2b96ea703dea11564816d3067872c7c5ac7c8d692d0b2931e446ab3d2716a48ea90dce65865abc76252bb4ba827b68061ef270b5f4443e7313a74b20d824989f
- SSDEEP
  
  49152:lnqLvvJ9Fod/OpY1Jf+YvoVkXrYErnuKlAhUpd01RMEEWIjf5EfdNQmvLc1UGn:ZqjTyop1CrYsuKlAhUpCMEEFjf5YLzjC
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b0c77267f13b2f87c084fd86ef51ccfc
- SHA1
  
  f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
- SHA256
  
  a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
- SHA512
  
  f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e
- SSDEEP
  
  192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  eac1c3707970fe7c71b2d760c34763fa
- SHA1
  
  f275e659ad7798994361f6ccb1481050aba30ff8
- SHA256
  
  062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3
- SHA512
  
  3415bd555cf47407c0ae62be0dbcba7173d2b33a371bf083ce908fc901811adb888b7787d11eb9d99a1a739cbd9d1c66e565db6cd678bdadaf753fbda14ffd09
- SSDEEP
  
  96:oXHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4AqndYHnxss:oXHq+CP3uKrpyREs06YxcdGn
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $R0
- Size
  
  33KB
- MD5
  
  ace9f19e19a07de0fe7e0f1e858a523c
- SHA1
  
  898c63c2f9c32d1148f8618a6f9dee89984a8f9d
- SHA256
  
  7e79de7c3ef68b615e86a732597a8022de71a14d81be4b4978db39a67cfc3d57
- SHA512
  
  a2e32fe5c3652824572f8f1a9a7b145e1c17cb6fbffa52903cffa548f450df89d996b933f95726bb514dfaa16c7d9b2ffa1caedf6ccbf6f1a577b48b0b052ebb
- SSDEEP
  
  384:DpbEzt/FPOksY2vb/qDl2uzCnpkDBnAeZv7/HkrWZ75fSvO3PHl/QgIZM46aeHb:DpAztlObS8rnpkCwz/AmAO3PxzC59eH
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral7 behavioral8